NETS1037

Lab 03 - SNMP and Monitoring

The purpose of this lab is to create an SNMP monitoring station and use it to monitor the loghost, webhost, and pfsense router already installed on our virtual networks.

Create a VM on your private network to be your monitoring host

  1. Install a desktop Linux OS; use Ubuntu unless you want to figure out how to make another OS do the same job
  2. During the install, assign host number 5 to the new VM as a static address and name it nmshost, with the pfsense router as gateway and DNS server; the DNS search domain is home.arpa
  3. Create the user account using your first name as the username
  4. Run sudo poweroff when it finishes installing
  5. When it finishes powering off, use a text editor on the vmx file for the VM and add the following line to the end of the file:
    disk.EnableUUID = "TRUE"
    
  6. Boot your VM and login to it
  7. In a terminal window, verify that you can ping your pfsense router from your new VM using the router’s hostname
  8. If you did not set the dns search domain during the install, you can set it in a terminal window using the nmcli command:
    sudo nmcli c m "Wired connection 1" ipv4.dns-search home.arpa
    sudo nmcli c d "Wired connection 1"
    sudo nmcli c u "Wired connection 1"
    
  9. Add the name nmshost to your pfsense Services->DNS Resolver with the domain home.arpa and the address set to .5 on the private network
  10. Verify you can ping nmshost from loghost

Set up pfsense to allow snmp monitoring

  1. Install the snmp software on the nmshost VM
    • in a terminal window on nmshost, install the snmp client-side tools
       sudo apt update
       sudo apt install snmp
      
  2. Enable SNMP on pfsense for the LAN interface, community string public
  3. Verify you can access the snmp tree from nmshost using version 1 community public
    • in a terminal window on nmshost, try viewing the snmp data tree from pfsense
      snmpstatus -v 1 -c public pfsense
      snmpwalk -v 1 -c public pfsense | more
      snmpwalk -v 1 -c public pfsense | wc -l
      

Set up loghost to allow snmp monitoring

  1. Install the snmpd daemon software on loghost
  2. Allow snmp access through your ufw firewall
  3. Modify /etc/snmp/snmpd.conf to allow access by changing the agentAddress to look this way: agentAddress udp:161,udp6:[::1]:161
    ssh loghost
    sudo apt install snmpd
    sudo ufw allow 161/udp
    sudo vi /etc/snmp/snmpd.conf
    sudo systemctl restart snmpd
    
  4. Verify you can access the snmp tree from nmshost using version 1 community public
    • in a terminal window on nmshost, test using snmp to access loghost
      snmpstatus -v 1 -c public loghost
      snmpwalk -v 1 -c public loghost | wc -l
      
  5. Enable full snmp tree access for community public by changing the rocommunity setting in /etc/snmp/snmpd.conf to look this way: rocommunity public 172.16.168.0/24 (use your lan network number)
    sudo vi /etc/snmp/snmpd.conf
    sudo systemctl restart snmpd
    
  6. Run snmpstatus again to verify you can now retrieve more oids than you could before
    • in a terminal window on nmshost, test using snmp to access loghost
      snmpstatus -v 1 -c public loghost
      snmpwalk -v 1 -c public loghost | wc -l
      

Set up webhost for snmp monitoring

  1. Install the snmpd daemon software on webhost
  2. Allow snmp access through your ufw firewall
  3. Modify /etc/snmp/snmpd.conf to allow access and enable full snmp tree access like you did on loghost
    ssh webhost
    sudo apt install snmpd
    sudo ufw allow 161/udp
    sudo vi /etc/snmp/snmpd.conf
    sudo systemctl restart snmpd
    
  4. Verify you can access the snmp tree from nmshost using v1 community public
    • in a terminal window on nmshost, test using snmp to access webhost
      snmpstatus -v 1 -c public webhost
      snmpwalk -v 1 -c public webhost | wc -l
      

Add MIBs to nmshost so that we have descriptive OIDs

  1. Install the mib downloader on nmshost (you may need to add the non-free repo to your /etc/apt/sources.list)
    sudo apt install snmp-mibs-downloader
    
  2. Configure nmshost to use the mibs when running snmp commands
    sudo sed -i -e 's/^mibs/#&/' /etc/snmp/snmp.conf
    
  3. Retest using snmpwalk to verify you now see and can use descriptive oids on nmshost
    • in a terminal window on nmshost
      snmpwalk -v 1 -c public pfsense | more
      

Add an SNMPv3 user to secure SNMP access and transport

You can use "SNMPv3 Options" or the "Configuring SNMPv3" section of the O’Reilly book as a reference guide for adding users for SNMPv3 connections.

  1. Add an snmpv3 user to /etc/snmp/snmpd.conf on the loghost and webhost machines which has authentication (using SHA) and encryption (using AES) enabled
    echo "createUser authPrivUser SHA password123 AES password456" | sudo tee -a /etc/snmp/snmpd.conf >/dev/null
    sudo systemctl restart snmpd
    sudo grep usmUser /var/lib/snmp/snmpd.conf
    
  2. Test that you can use authentication and encryption with snmp command line tools from nmshost to loghost (this example has username authPrivUser with password password123 for SHA login and secret password456 for AES encryption). Screenshot this command and its results, including your command prompt
    snmpstatus -u authPrivUser -a SHA -A password123 -x AES -X password456 -v 3 -l authPriv loghost
    
  3. Test that you can use authentication and encryption with snmp command line tools from nmshost to webhost (this example has username authPrivUser with password password123 for SHA login and secret password456 for AES encryption). Screenshot this command and its results, including your command prompt
    snmpstatus -u authPrivUser -a SHA -A password123 -x AES -X password456 -v 3 -l authPriv webhost
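
The snmpd.conf settings edited in this lab (agentAddress, rocommunity, createUser) can be reviewed with a small audit function. This is an added example, not part of the original lab; the sample config, the legacyUser entry, and the function names audit_snmpd_conf and count_findings are assumptions made for illustration.

```shell
# Added example, not part of the lab. SAMPLE_CONF is constructed: it combines
# the lab's snmpd.conf edits with one hypothetical legacy user.
SAMPLE_CONF='# constructed sample
agentAddress udp:161,udp6:[::1]:161
rocommunity public 172.16.168.0/24
rocommunity6 public
createUser authPrivUser SHA password123 AES password456
createUser legacyUser MD5 short1 DES short2
rouser authPrivUser authpriv
'
# Read snmpd.conf text on stdin; print one "TAG line N: detail" per finding.
audit_snmpd_conf() {
  awk '
    /^[ \t]*#/ || NF == 0 { next }                 # comments and blank lines
    $1 == "agentAddress" {
      n = split($2, addr, ",")
      for (i = 1; i <= n; i++)                     # no host part = all interfaces
        if (addr[i] ~ /^(udp6?:)?[0-9]+$/)
          print "ALL-INTERFACES line " NR ": " addr[i]
    }
    $1 ~ /^r[ow]community6?$/ {
      print "CLEARTEXT-COMMUNITY line " NR ": v1/v2c sends " $2 " unencrypted"
      if ($2 == "public" || $2 == "private")
        print "DEFAULT-COMMUNITY line " NR ": " $2
      if (NF < 3 || $3 == "default")
        print "NO-SOURCE-LIMIT line " NR ": any client address accepted"
    }
    $1 == "createUser" {
      k = ($2 == "-e") ? 4 : 2                     # skip optional -e ENGINEID
      user = $k; auth = toupper($(k+1)); apass = $(k+2)
      priv = toupper($(k+3)); ppass = $(k+4)
      if (auth == "MD5") print "WEAK-AUTH line " NR ": " user " uses MD5"
      if (priv == "")    print "NO-PRIVACY line " NR ": " user " has no encryption"
      if (priv == "DES") print "WEAK-PRIVACY line " NR ": " user " uses DES"
      if (length(apass) < 8 || (ppass != "" && length(ppass) < 8))
        print "SHORT-PASSPHRASE line " NR ": " user " (net-snmp minimum is 8)"
      if (tolower(apass ppass) ~ /password/)
        print "GUESSABLE-PASSPHRASE line " NR ": " user
    }
    $1 ~ /^r[ow]user$/ && tolower($3) != "priv" && tolower($3) != "authpriv" {
      print "NO-PRIV-REQUIRED line " NR ": " $2 " may connect without encryption"
    }
  '
}
# Count findings with a given tag in the constructed sample.
count_findings() { printf '%s' "$SAMPLE_CONF" | audit_snmpd_conf | grep -c "^$1 " || true; }

printf '%s' "$SAMPLE_CONF" | audit_snmpd_conf
```

On loghost or webhost, the real file can be fed to the function with sudo cat /etc/snmp/snmpd.conf | audit_snmpd_conf.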
    

Turn on the firewall on nmshost

  1. Use ufw on nmshost to only allow ssh connections.
    sudo ufw allow 22/tcp
    sudo ufw enable
    

Modify the Windows desktop VM to allow snmp monitoring from nmshost

  1. Download an agent program or configure Windows (depends on your version) to provide SNMP service from Windows
  2. Install the agent and/or configure the Windows VM to allow SNMP access from nmshost
  3. Test retrieving SNMP data from the Windows VM from nmshost
    snmpstatus -v 1 -c public windows-vm-name
    

Basic Monitoring with LibreNMS

LibreNMS is a pre-configured fork of Observium for common system and network monitoring tasks. It is a webapp, which can be installed on apache2 or nginx running on Linux. We will use it to demonstrate gathering data with SNMP for graphical presentation on a network monitoring station. We will use librenms because it is pre-configured.

Install librenms on nmshost

  1. On your nmshost, install librenms following the instructions at librenms install docs
  2. Add your pfsense router, your loghost, your webhost, your Windows VM, and your nmshost to the librenms device list
  3. When the devices overview page has updated to show data from the monitored hosts (may take 5 or 10 minutes depending on how slow your host PC/Mac is), screenshot the devices list showing all your machines added and their data